DRM plugins

ABSTRACT

Presented is a system and methods for receiving metadata, a decryption module and encrypted content from a cable headend, decrypting the encrypted content with the decryption module and presenting the decrypted content to a user. The client device can receive, load and execute any decryption module compatible with the system framework allowing flexibility in the choice or changing of client device manufacturer and/or Digital Rights Management system vendor.

TECHNICAL FIELD

The present invention relates generally to Digital Rights Management(DRM) systems and more specifically to a framework for implementing amulti-vendor DRM system on a client device.

BACKGROUND

The digital age has provided great convenience to society with regard tothe online availability of entertainment content. What once began as atrip to the theatre to see a movie became a trip to the video store topick up a digital video disc (DVD) and now is a selection on thetelevision screen to stream a content provider's movie from a serviceprovider to the subscriber's client device for playback.

A realized requirement of the evolution of digital content and theability to transmit the digital content from a service provider to asubscriber's client device is the need for encrypting the digitalcontent before transmission to protect the property rights of thecontent provider. Historically, a content provider delivered unprotecteddigital content to a service provider. The service provider, using a DRMsystem based on the cable headend/client device combination selected bythe service provider, encrypted the digital content. The encryptedcontent was then delivered to authorized service provider subscribers,along with a key required for decryption. The client device,manufactured with a specific DRM system vendor's decryption module,combined the key with the decryption module, decrypted the content andpresented the content to the user.

As the DRM system market evolved, an increasing number of DRM systemvendors appeared, providing incompatible proprietary DRM systems. Overtime, a service provider distributed client devices from differentmanufacturers, with different DRM system decryption modules.Consequently, when a subscriber selected digital content, the serviceprovider had to determine which client device was in use and deliver theencrypted digital content compatible with the decryption module in useby the client device.

The net result of the distribution of client devices with different DRMsystem implementations is the requirement for a service provider tomaintain multiple copies of the same content, with each copyimplementing a different DRM system. The redundancy of encrypted digitalcontent is required because the state of the art for client devices ishard coded support for a single DRM system and its associated decryptionmodule.

In another shortcoming of the state of the art in service provider basedcontent delivery systems, the content provider is unable to select a DRMsystem vendor of their choice and deliver the service provider encryptedcontent and a decryption system useable by the service provider'sinstalled client devices. Demand is increasing for content providers toselect their own DRM system and deliver encrypted content. Further,service providers would like the flexibility to select new contentdelivery systems based on advances in technology and a competitivemarketplace instead of a selection based predominantly on the cost ofreplacing the installed base of client devices.

Market pressure for a solution allowing a client device to decrypt acontent provider's content regardless of the DRM system vendor selectedby the content provider has led to several attempts to solve theproblem. For instance, a DRM system vendor can provide differentdecryption algorithms associated with their proprietary DRM system butnot allow decryption of content encrypted by other DRM system vendors.Although these attempts are useful, they still require the serviceprovider to maintain one copy of the encrypted content for eachsupported DRM system vendor. They do not, however, allow a client deviceto decrypt a content provider's content regardless of the DRM systemimplemented by the content provider or the service provider.

Accordingly, it would be desirable to provide a solution that allows aservice provider to maintain a single copy of a content provider'scontent, encrypted by a DRM system of the content/service provider'schoosing, and a client device capable of decrypting content encrypted byany available DRM system. The solution should also provide, among otherthings, the ability for a content/service provider to change DRM systemswithout requiring the distribution of new client devices by the serviceprovider. Further, the solution should allow a service provider toselect a new hardware vendor for their cable headend/client deviceswithout requiring the content/service provider to change DRM systemvendors.

SUMMARY

Systems and methods according to the present invention address themarket needs described above by providing a framework on the clientdevice for receiving a decryption module capable of decrypting theselected digital content based on the specific DRM system used toencrypt the digital content. In one exemplary embodiment, the decryptionmodule is embedded in the digital content streamed from the serviceprovider to the client device. Further, metadata, also provided in thestream from the cable headend to the client device, and known to theframework, instructs the client device in extracting the decryptionmodule from the streaming data. The exemplary client device then usesthe extracted decryption module and the previously provided key todecrypt the remainder of the stream and display the content to theservice provider subscriber.

In one aspect of an exemplary embodiment, the digital content streamedfrom the service provider's cable headend to the client device cancontain metadata indicating the encryption type. Based on thisinformation, the client device can request the appropriate decryptionmodule from the cable headend. After receiving the decryption module andthe key, the exemplary client device can decrypt the streamed digitalcontent and display the digital content to the service providersubscriber. In another aspect of an exemplary embodiment, the clientdevice can determine if the decryption module currently installed in theframework is compatible with the newly selected digital content. If thecurrently streaming digital content and the installed decryption moduleare compatible then there is no need to request a new decryption moduleand the client device can begin decrypting and displaying the digitalcontent.

According to another exemplary embodiment, a content provider can selectone or more DRM vendors and provide encrypted content to a serviceprovider. The content provider has the flexibility to select or changeDRM system vendors based on non-limiting factors such as the type ofdigital content to be encrypted or the availability of lower cost DRMsystems. The content provider creates decryption modules, compatiblewith the framework installed on the client device, for each implementedDRM system. The content provider encrypts the digital content andcombines the encrypted content with the decryption module and themetadata for locating the encryption module in the digital content fileprovided to the service provider. When the digital content is selectedby a subscriber, the service provider streams the content, including themetadata and the decryption module to the client device and the clientdevice framework extracts the decryption module, based on the metadatainformation, decrypts the digital content and display the digitalcontent to the subscriber. In this context, the unencrypted contentexists only transiently on the client device as it is displayed to thesubscriber.

According to another exemplary embodiment, the decryption modules existseparately from the encrypted digital content and a reference to therequired decryption module is embedded in the digital content along withmetadata identifying the location of the decryption module reference.The digital content is streamed to the client device and the framework,based on the metadata, extracts the reference from the digital contentand requests the appropriate decryption module from the cable headend.The cable headend sends the requested decryption module, and thedecryption key, to the client device and the client device decrypts theencrypted digital content and displays the digital content to thesubscriber.

In another exemplary embodiment, a method for decrypting encryptedcontent, from a content provider, on a client device associated with aservice provider is presented. The exemplary method includes thefollowing steps. First in the exemplary method, the client devicereceives metadata, identifying a location of a decryption module, from aservice provider. Next in the exemplary method, the client devicereceives the decryption module from the specified location. Continuingin the exemplary method, the client device decrypts the encryptedcontent using the decryption module and a decryption key previouslyobtained from the service provider. Next in the exemplary method, theclient device processes the decrypted content.

According to another exemplary embodiment, a system for decrypting, by aclient device, an encrypted portion of a digital content streamtransmitted from a service provider toward the client device ispresented. The exemplary system includes a metadata component fordetermining the location of a decryption module based on the receivedmetadata. The exemplary system also includes a decryption component forobtaining a decryption module from the location specified by themetadata. Further, the exemplary system includes a client engineframework for facilitating the interaction between the metadatacomponent and the decryption component.

In another exemplary embodiment, a method for delivering a decryptionmodule, based on encrypted content from a content provider, from aservice provider to a client device is presented. First in the exemplarymethod, the service provider transmits metadata associated withidentifying a location of a decryption module toward the client device.Next in the exemplary method, the service provider transmits thedecryption module towards the client device. Next in the exemplarymodule, the service provider transmits the encrypted content toward theclient device.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings illustrate exemplary embodiments, wherein:

FIG. 1 depicts an exemplary system for delivering metadata, encryptionmodules and encrypted content to a subscriber;

FIG. 2 depicts an exemplary system for delivering metadata, encryptionmodules and encrypted content from a service provider cable headend to asubscriber client device;

FIG. 3 depicts an exemplary system for delivering metadata, encryptionmodules and encrypted content from a service provider server frameworkcomponent of a cable headend to a subscriber client device;

FIG. 4 depicts an exemplary system for delivering metadata, encryptionmodules and encrypted content from a service provider server frameworkcomponent of a cable headend to a subscriber client device clientframework;

FIG. 5 depicts a method of decrypting encrypted content based onreceiving metadata and a decryption module, compatible with theencrypted content, from a service provider;

FIG. 6 depicts a method of providing metadata, decryption modules andencrypted content from a service provider to a client device; and

FIG. 7 depicts an exemplary computing device for implementing a systemfor adjusting virtual key positions and sizes on a virtual keyboardbased on a user signature according to an exemplary embodiment.

DETAILED DESCRIPTION

The following detailed description of the exemplary embodiments refersto the accompanying drawings. The same reference numbers in differentdrawings identify the same or similar elements. Also, the followingdetailed description does not limit the invention. Instead, the scope ofthe invention is defined by the appended claims.

Looking first to FIG. 1, a diagram of an exemplary digital rightsmanagement (DRM) plugins system 100 for delivering metadata, decryptionmodules and encrypted digital content from a content provider through aservice provider to a subscriber is illustrated. The exemplary DRMplugins system 100 includes but is not limited to an exemplary contentprovider 102, an exemplary service provider 104 and an exemplarysubscriber 106. The content provider 102 provides the digital content tothe service provider 104 for distribution to authorized subscribers 106.

In one exemplary embodiment, the content provider 102 can encrypt thedigital content with an encryption module associated with a DRM systemselected by the content provider 102. Continuing with the exemplaryembodiment, the content provider 102 can deliver the encrypted digitalcontent and a compatible decryption module to the service provider 104.In another aspect of the exemplary embodiment, the subscriber 106selects an encrypted digital content and the service provider 104prepares the digital content for delivery. In a further aspect of theexemplary embodiment, the service provider 104 can generate metadataassociated with the compatible decryption module and transmit themetadata toward the subscriber 106. Continuing with the exemplaryembodiment, the service provider 104 can transmit the decryption moduletoward the subscriber 106 and then can transmit the encrypted contenttoward the subscriber 106. In another aspect of the exemplaryembodiment, the subscriber 106 can process the metadata and candetermine a location in the digital stream of the decryption module andcan extract the decryption module from the digital stream. Continuingwith the exemplary embodiment, the subscriber can execute the decryptionmodule, decrypt the encrypted digital content and provide the decrypteddigital content to a user.

In another exemplary embodiment, the metadata, generated by the serviceprovider 104 and transmitted toward the subscriber 106, can provide thesubscriber 106 a reference to the location of the decryption module,with the decryption module located, for example, on a server associatedwith the service provider 104 or, in another example, on a serverassociated with the content provider 106. Continuing with the exemplaryembodiment, the subscriber 106 can obtain the decryption module from thelocation specified by the reference, execute the decryption module,decrypt the encrypted digital content and provide the decrypted digitalcontent to a user.

In another exemplary embodiment, the content provider 102 can deliverunencrypted digital content to the service provider 104 and allow theservice provider 104 to encrypt the unencrypted digital content with anencryption module associated with a DRM system selected by the serviceprovider. In a further aspect of the exemplary embodiment, the serviceprovider 104 can generate the metadata associated with the encrypteddigital content and transmit the metadata and the decryption moduletoward the subscriber 106. Continuing with the exemplary embodiment, theservice provider can forward the encrypted digital content toward thesubscriber. In another aspect of the exemplary embodiment, thesubscriber 106 can obtain the decryption module based on a locationspecified in the metadata and can execute the decryption module todecrypt the encrypted digital content. Further, the exemplary embodimentsubscriber 106 can display the decrypted digital content to a user.

Continuing with FIG. 2, another exemplary embodiment of a DRM pluginssystem 200 is illustrated. In this exemplary embodiment, the serviceprovider 104 can include a cable headend 202 as the hardware andsoftware system implementing the server side support of the exemplaryDRM plugins system 200 and the subscriber 106 can include a clientdevice 204 as the hardware and software system implementing theexemplary DRM plugins system 200 framework. In another aspect of theexemplary embodiment, the service provider 104 can have a plurality ofcable headends 202 and the cable headends 202 can be from differentmanufacturers. In a further aspect of the exemplary embodiment, eachcable headend 202 can support a plurality of client devices 204 and theclient devices 204 can be from different manufacturers. Continuing withanother aspect of the exemplary embodiment, the client device can be aset top box for providing audio and video digital content to a user forviewing on a television or a personal computer.

Turning now to FIG. 3, another exemplary embodiment of a DRM pluginssystem 300 can include a cable headend 202 and its associated serverframework 302 and content streaming system 312. Continuing with theexemplary embodiment, the server framework 302 can include metadatastorage 304, decryption module storage 306, encrypted content storage308 and a server framework engine 310. In one aspect of the exemplaryembodiment, the metadata storage 304 can provide storage for themetadata associated with a plurality of decryption modules. In anotheraspect of the exemplary embodiment, the server framework engine 310 canobtain metadata from the metadata storage 304 based on the encrypteddigital content selected by a user.

Continuing with the exemplary embodiment, decryption module storage 306can provide storage for a plurality of decryption modules associatedwith encrypted digital content. In another aspect of the exemplaryembodiment, the encryption modules can be supplied by, but not limitedto, the content provider 102, the service provider 104 or as part of aDRM system obtained from a DRM system vendor. Further, in another aspectof the exemplary embodiment, encrypted content storage 308 can providestorage for a plurality of encrypted content. In one aspect of theexemplary embodiment, an encrypted digital content from the encryptedcontent storage 308 can be matched to a decryption module from thedecryption module storage 306 and metadata from the metadata storage 304based on a user selection of an encrypted digital content.

In another aspect of the exemplary embodiment, a server framework engine310 can receive a request from a client device 204, delivered through acontent streaming system 312, for a particular encrypted digital contentstored on encrypted content storage 308. Continuing with the exemplaryembodiment, the server framework engine 310 can obtain the metadata fromthe metadata storage 304 and the decryption module from the decryptionmodule storage 306 associated with the selected encrypted digitalcontent. In another aspect of the exemplary embodiment, the serverframework engine 310 can transmit the metadata, decryption module andencrypted content through the content streaming engine 312 to therequesting client device 204.

Looking now to FIG. 4, another exemplary embodiment of a DRM pluginssystem 400 can include a client device 204 and its associated clientframework 402 and display component 410. Continuing with the exemplaryembodiment, the client framework 402 can include a client frameworkengine 404, a metadata component 406 and a decryption component 408. Inanother aspect of the exemplary embodiment, the client framework enginecomponent 404 can coordinate the operation of the metadata component 406and the decryption component 408. In another aspect of the exemplaryembodiment, the client framework engine can process communicationsbetween the content streaming system 312 of the cable headend 202 andthe client device 204. Continuing with the exemplary embodiment, theclient framework engine component 404 can engage the metadata component406 and/or the decryption component 408 to further process the digitaldata stream.

In another aspect of the exemplary embodiment, the metadata component406, when directed by the client framework engine component 404, cananalyze the digital data stream and determine the location of thedecryption module associated with the encrypted portion of the digitaldata stream. Continuing with the exemplary embodiment, the metadatacomponent 406 can analyze the digital data stream and determine the typeof decryption module associated with the encrypted portion of thedigital data stream. In the exemplary embodiment, the metadata component406 can determine if the decryption module type specified in the digitaldata stream matches the decryption module type currently installed inclient device 204 then the encrypted portion of the digital data streamcan be decrypted without making any further configuration changes to theclient device 204.

Continuing with the exemplary embodiment, the decryption component 408can obtain, load and execute the decryption module, located by themetadata component 406, and decrypt the encrypted portion of the digitaldata stream. In another aspect of the exemplary embodiment, thedecryption component 408 can maintain storage for the currentlyinstalled decryption module allowing reuse of the decryption moduleuntil the arrival of encrypted digital content associated with adifferent encryption module. Continuing with the exemplary embodiment,the decryption component 408 can direct the decrypted digital datastream to the display component 410 for display on the user's displaydevice.

Additionally, it should be noted that as used in this application, termssuch as “component,” “display,” “interface,” and other similar terms areintended to refer to a computing device, either hardware, a combinationof hardware and software, software, or software in execution as appliedto a computing device implementing a virtual keyboard. For example, acomponent may be, but is not limited to being, a process running on aprocessor, a processor, an object, an executable, a thread of execution,a program and a computing device. As an example, both an applicationrunning on a computing device and the computing device can becomponents. One or more components can reside within a process and/orthread of execution and a component can be localized on one computingdevice and/or distributed between two or more computing devices, and/orcommunicatively connected modules. Further, it should be noted that asused in this application, terms such as “system user,” “user,” andsimilar terms are intended to refer to the person operating thecomputing device referenced above.

Further, the term to “infer” or “inference” refer generally to theprocess of reasoning about or inferring states of the system,environment, user, and/or intent from a set of observations as capturedvia events and/or data. Captured data and events can include user data,device data, environment data, behavior data, application data, implicitand explicit data, etc. Inference can be employed to identify a specificcontext or action, or can generate a probability distribution overstates, for example. The inference can be probabilistic in that thecomputation of a probability distribution over states of interest basedon a consideration of data and events. Inference can also refer totechniques employed for composing higher-level events from a set ofevents and/or data. Such inference results in the construction of newevents or actions from a set of observed events and/or stored eventdata, whether or not the events are correlated in close temporalproximity, and whether the events and data come from one or severalevent and data sources.

Looking now to FIG. 5, an exemplary method embodiment 500 based ondownloading metadata and decryption modules to a client device 204 fordecrypting encrypted digital content by the client device 204 isdepicted. Starting at exemplary method embodiment step 502, the clientdevice 204 can receive metadata in a digital data stream from a cableheadend 202. In this exemplary method embodiment, the metadata canprovide the location of the decryption module in the digital datastream. For a non-limiting example, the location can be specified as anoffset from the beginning of the digital data stream to the beginning ofthe decryption module, in the digital data stream, and the length of thedecryption module. Next, at exemplary method embodiment step 504, theclient device 204 can receive the decryption module in the digital datastream. For another non-limiting example, the client device 204 canreceive the decryption module by extracting the decryption module fromthe digital data stream and storing the decryption module for use indecrypting the encrypted portion of the digital data stream. In theexemplary method embodiment, the client device 204 can locate theencryption module in the digital data stream based on the previouslyreceived metadata.

Continuing to exemplary method embodiment step 506, the downloadeddecryption module can be installed in the client framework 402 andexecuted to decrypt the encrypted portion of the digital data stream. Inanother non-limiting example, the decryption module can be a Java moduleand can be executed in a Java virtual machine. Next, at exemplary methodembodiment step 508, the client device 204 can process the decrypteddigital data stream and provide the decrypted and processed digital datastream to the display component 410 for display to the user. In afurther non-limiting example, the client device 204 can be a set top boxand the set top box and the decrypted output can be a pay-per-view moviestreamed to a user's television for display.

Looking now to FIG. 6, an exemplary method embodiment 600 fortransmitting metadata, decryptions modules, and encrypted digital datais depicted. Beginning at exemplary method embodiment step 602, thecable headend 202 can transmit metadata toward a client device 204. Anexemplary metadata transmission can include, but is not limited to, thelocation of the decryption module in the digital data stream. Next, atexemplary method embodiment step 604, the cable headend can transmit adecryption module toward the client device 204. In a non-limitingexemplary method embodiment, the decryption module can be placed in thedigital data stream at a location specified in the previouslytransmitted metadata. In another non-limiting exemplary methodembodiment, a reference to the identity of the decryption module and thestorage location of the decryption module on the cable headend 202, canbe placed in the digital data stream, at a location specified in thepreviously transmitted metadata and transmitted toward the client device204. Next, at exemplary method embodiment step 606, the cable headend202 can transmit the encrypted content to the client device 204. Inanother non-limiting exemplary embodiment, the encrypted content can bea pay-per-view sporting event transmitted to a user's personal computerfor display.

FIG. 7 illustrates an example of a suitable computing system environment700 in which the claimed subject matter can be implemented, although asmade clear above, the computing system environment 700 is only oneexample of a suitable computing environment for a mobile device and isnot intended to suggest any limitation as to the scope of use orfunctionality of the claimed subject matter. Further, the computingenvironment 700 is not intended to suggest any dependency or requirementrelating to the claimed subject matter and any one or combination ofcomponents illustrated in the example operating environment 700.

Looking now to FIG. 7, an example of a device for implementing thepreviously described innovation includes a general purpose computingdevice in the form of a computer 710. Components of computer 710 caninclude, but are not limited to, a processing unit 720, a system memory730, and a system bus 721 that couples various system componentsincluding the system memory to the processing unit 720. The system bus721 can be any of several types of bus structures including a memory busor memory controller, a peripheral bus, and a local bus using any of avariety of bus architectures.

Computer 710 can include a variety of computer readable media. Computerreadable media can be any available media that can be accessed bycomputer 710. By way of example, and not limitation, computer readablemedia can comprise computer storage media and communication media.Computer storage media includes volatile and nonvolatile as well asremovable and non-removable media implemented in any method ortechnology for storage of information such as computer readableinstructions, data structures, program modules or other data. Computerstorage media includes, but is not limited to, RAM, ROM, EEPROM, flashmemory or other memory technology, CDROM, digital versatile disks (DVD)or other optical disk storage, magnetic cassettes, magnetic tape,magnetic disk storage or other magnetic storage devices, or any othermedium which can be used to store the desired information and which canbe accessed by computer 710. Communication media can embody computerreadable instructions, data structures, program modules or other data ina modulated data signal such as a carrier wave or other transportmechanism and can include any suitable information delivery media.

The system memory 730 can include computer storage media in the form ofvolatile and/or nonvolatile memory such as read only memory (ROM) and/orrandom access memory (RAM). A basic input/output system (BIOS),containing the basic routines that help to transfer information betweenelements within computer 710, such as during start-up, can be stored inmemory 730. Memory 730 can also contain data and/or program modules thatare immediately accessible to and/or presently being operated on byprocessing unit 720. By way of non-limiting example, memory 730 can alsoinclude an operating system, application programs, other programmodules, and program data.

The computer 710 can also include other removable/non-removable andvolatile/nonvolatile computer storage media. For example, computer 710can include a hard disk drive that reads from or writes tonon-removable, nonvolatile magnetic media, a magnetic disk drive thatreads from or writes to a removable, nonvolatile magnetic disk, and/oran optical disk drive that reads from or writes to a removable,nonvolatile optical disk, such as a CD-ROM or other optical media. Otherremovable/non-removable, volatile/nonvolatile computer storage mediathat can be used in the exemplary operating environment include, but arenot limited to, magnetic tape cassettes, flash memory cards, digitalversatile disks, digital video tape, solid state RAM, solid state ROMand the like. A hard disk drive can be connected to the system bus 721through a non-removable memory interface such as an interface, and amagnetic disk drive or optical disk drive can be connected to the systembus 721 by a removable memory interface, such as an interface.

A user can enter commands and information into the computer 710 throughinput devices such as a keyboard or a pointing device such as a mouse,trackball, touch pad, and/or other pointing device. Other input devicescan include a microphone, joystick, game pad, satellite dish, scanner,or similar devices. These and/or other input devices can be connected tothe processing unit 720 through user input 740 and associatedinterface(s) that are coupled to the system bus 721, but can beconnected by other interface and bus structures, such as a parallelport, game port or a universal serial bus (USB).

A graphics subsystem can also be connected to the system bus 721. Inaddition, a monitor or other type of display device can be connected tothe system bus 721 through an interface, such as output interface 750,which can in turn communicate with video memory. In addition to amonitor, computers can also include other peripheral output devices,such as speakers and/or printing devices, which can also be connectedthrough output interface 750.

The computer 710 can operate in a networked or distributed environmentusing logical connections to one or more other remote computers, such asremote server 770, which can in turn have media capabilities differentfrom device 710. The remote server 770 can be a personal computer, aserver, a router, a network PC, a peer device or other common networknode, and/or any other remote media consumption or transmission device,and can include any or all of the elements described above relative tothe computer 710. The logical connections depicted in FIG. 7 include anetwork 771, such as a local area network (LAN) or a wide area network(WAN), but can also include other networks/buses.

When used in a LAN networking environment, the computer 710 is connectedto the LAN 771 through a network interface or adapter 760. When used ina WAN networking environment, the computer 710 can include acommunications component, such as a modem, or other means forestablishing communications over a WAN, such as the Internet. Acommunications component, such as a modem, which can be internal orexternal, can be connected to the system bus 721 through the user inputinterface at input 740 and/or other appropriate mechanism.

In a networked environment, program modules depicted relative to thecomputer 710, or portions thereof, can be stored in a remote memorystorage device. It should be noted that the network connections shownand described are exemplary and other means of establishing acommunications link between the computers can be used.

The above-described exemplary embodiments are intended to beillustrative in all respects, rather than restrictive, of the presentinnovation. Thus the present innovation is capable of many variations indetailed implementation that can be derived from the descriptioncontained herein by a person skilled in the art. All such variations andmodifications are considered to be within the scope and spirit of thepresent invention as defined by the following claims. No element, act,or instruction used in the description of the present application shouldbe construed as critical or essential to the invention unless explicitlydescribed as such. Also, as used herein, the article “a” is intended toinclude one or more items.

The invention claimed is:
 1. A method, stored in a memory and executingon a processor of a client device, for decrypting a selected digitalcontent which is encrypted using one of a plurality of differentencryption techniques, said method comprising: receiving a digitalcontent stream from a service provider, wherein the digital contentstream further comprises said selected digital content, a decryptionmodule associated with said one of said plurality of differentencryption techniques, said decryption module capable of decrypting theselected digital content, and metadata that instructs said client devicein extracting the decryption module from said digital content stream;extracting said decryption module as instructed by said metadata fromsaid digital content stream; and decrypting, by said client device, saidselected digital content with said decryption module and a decryptionkey.
 2. The method of claim 1, wherein said metadata comprises abeginning location and an ending location of said decryption module inthe digital content stream from the service provider and received bysaid client device.
 3. The method of claim 1, wherein said metadatacomprises a type identifier associated with said decryption module. 4.The method of claim 1, further comprising storing, at said clientdevice, said decryption module for use with a subsequently receivedencrypted content.
 5. The method of claim 4, further comprisingreplacing said stored decryption module with a subsequently receiveddecryption module.
 6. The method of claim 3, further comprisingrequesting, by said client device, said decryption module from saidservice provider based on said type identifier.
 7. The method of claim1, wherein said client device is a set-top box and said decryptedcontent is provided to a display system.
 8. A system for decrypting aselected digital content which has been encrypted using one of aplurality of different encryption techniques, said system comprising: aprocessor for executing computer instructions and a non-transitorycomputer-readable memory for storing computer-readable instructionswherein said computer-readable instructions, when executed by saidprocessor, are configured to: receive a digital content stream from aservice provider, wherein the digital content stream further comprises:said selected digital content, a decryption module associated with saidone of said plurality of different encryption techniques, saiddecryption module capable of decrypting said selected digital content,and metadata that instructs said client device in extracting saiddecryption module from said digital content stream; extract saiddecryption module as instructed by said metadata from said digitalcontent stream; and decrypt said selected digital content with saiddecryption module and a decryption key.
 9. The system of claim 8,wherein said decryption module is extracted from an unencrypted portionof said digital content stream.
 10. The system of claim 8, wherein saidcomputer readable instructions further comprise store, in a storagelocation, said decryption module based on metadata associated with saiddecryption module.
 11. The system of claim 8, wherein said metadata isstored in an unencrypted portion of said digital content stream.
 12. Amethod, stored in a memory and executing on a processor, for deliveringa decryption module associated with one of a plurality of differentencryption techniques from a service provider to a client device, saidmethod comprising: transmitting, from said service provider, a digitalcontent stream, wherein said digital content stream further comprisesselected digital content, a decryption module associated with one ofsaid plurality of different encryption techniques, said decryptionmodule capable of decrypting said selected digital content, and metadatathat instructs said client device in extracting said decryption modulefrom said digital content stream.
 13. The method of claim 12, furthercomprising storing, at said service provider, said metadata in a firststorage location associated with said service provider.
 14. The methodof claim 12, wherein said selected digital content was encrypted, atsaid content provider, by said content provider.
 15. The method of claim12, wherein said decryption module was created, at said contentprovider, by said content provider.
 16. The method of claim 12, furthercomprising receiving, at said service provider, said decryption modulefrom said content provider.
 17. The method of claim 12, furthercomprising receiving, at said service provider, said metadata from saidcontent provider.